HP ProCurve 5300xl Series Management Manual page 444
Advanced traffic
Hide thumbs
Also See for ProCurve 5300xl Series:
- Access security manual (292 pages) ,
- Specification sheet (12 pages) ,
- Management and configuration manual (508 pages)
Table of Contents
Advertisement
Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch
Table 10-5. Example of Using an IP Address and Mask in an Access Control Entry
IP Address in the ACE
A: 10.38.252.195
0.0.0.255
B: 10.38.252.195
0.0.7.255
C: 10.38.252.195
0.0.0.0
D: 10.38.252.195
0.15.255.255 Exact match in the first octet
10-34
Examples Allowing Multiple IP Addresses. Table 10-5 provides exam
ples of how to apply masks to meet various filtering requirements.
Mask
Policy for a Match Between a
Packet and the ACE
Exact match in first three
octets only.
Exact match in the first two
octets and the leftmost five bits
(248) of the third octet.
Exact match in all octets.
and the leftmost four bits of the
second octet.
Table 10-6. Mask Effect on Selected Octets of the IP Addresses in Table 10-5
IP
Octet
Mask
Addr
A
3
0
all bits
B
3
7
last 3 bits
C
4
0
all bits
D
2
15
last 4 bits
Shaded areas indicate bit settings that must be an exact match.
If there is a match between the policy in the ACE and the IP address in a packet,
then the packet is either permitted or denied, according to how the ACE is
configured. If there is not a match, the next ACE in the ACL is then applied to
the packet. The same operation applies to a destination IP address (DA) used
in an extended ACE. (Where an ACE includes both source and destination IP
addresses, there is one IP-address/ACL-mask pair for the source address, and
another IP-address/ACL-mask pair for the destination address. See "Configur
ing and Assigning an ACL" on page 10-35.)
CIDR Notation. For information on using CIDR notation to specify ACL
masks, refer to "Using CIDR Notation To Enter the ACL Mask" on page 10-42.
Allowed IP Addresses
10.38.252.< 0-255 >
(See row A in table 10-6, below.)
10.38.< 248-255 >.< 0-255 >
(In the third octet, only the rightmost three bits are
wildcard bits. The leftmost five bits must be a
match, and in the ACE, these bits are all set to 1. See
row B in table 10-6, below.)
10.38.252.195
(There are no wildcard bits in any of the octets. See
row C in table 10-6, below.)
10.< 32-47 >.< 0-255 >.<0-255>
(In the second octet, the rightmost four bits are
wildcard bits. See row D in table 10-6, below.)
Octet
128
64
32
Range
252
1
1
1
248-255
1
1
1
195
1
1
0
32-47
0
0
1
16
8
4
2
1
1
1
0
1
1
0 or 1 0 or 1 0 or 1
0
0
0
1
0
0 or 1 0 or 1
0 or 1 0 or 1
1
0
1
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
